Opportunity Knocks: Earn $500–$1,000 Per Call Recruiting Women for IT Help Desk Vishing Attacks

The Rise of Female Social Engineers in Cybercrime

An infamous cybercrime group, known as Scattered LAPSUS$ Hunters (SLH), is now seeking to recruit women to conduct social engineering attacks for financial gain. The group is offering monetary incentives ranging from $500 to $1,000 per call, along with pre-written scripts to execute voice phishing campaigns targeting IT help desks.

According to a recent threat brief by Dataminr, SLH is strategically diversifying its pool of social engineers by specifically targeting women to carry out vishing attacks. This approach is believed to enhance the success rate of help desk impersonation, a key tactic employed by the group.

Comprising LAPSUS$, Scattered Spider, and ShinyHunters, SLH has a reputation for executing sophisticated social engineering schemes to bypass security measures like multi-factor authentication (MFA) using techniques such as MFA prompt bombing and SIM swapping.

One of the group’s primary strategies involves infiltrating help desks and call centers by posing as employees and persuading staff to reset passwords or install remote monitoring tools that grant unauthorized access. Once inside a network, Scattered Spider has been observed moving laterally to virtualized environments, escalating privileges, and stealing sensitive corporate data, sometimes leading to ransomware attacks.

SLH’s tactics also involve utilizing legitimate services and residential proxy networks to evade detection while blending in with legitimate traffic. The group employs tunneling tools and free file-sharing services to maintain a low profile and carry out their malicious activities.

The Psychological Manipulation Tactics of Scattered Spider

In a recent report by Palo Alto Networks Unit 42, Scattered Spider, also known as Muddled Libra, was described as highly skilled at exploiting human psychology through impersonation techniques to bypass security protocols like MFA.

The threat actor has been known to impersonate employees to request password resets and other sensitive information, demonstrating a deep understanding of social engineering tactics.

Unit 42’s investigation revealed that Scattered Spider had successfully created a virtual machine (VM) using privileged credentials obtained through social engineering, allowing them to conduct reconnaissance and attempt data exfiltration from targeted databases.

Moreover, the group has a history of targeting Microsoft Azure environments using the Graph API and cloud enumeration tools for reconnaissance purposes, showcasing their versatility in exploiting cloud-based platforms.

Protecting Against Social Engineering Attacks

With social engineering becoming a prevalent threat vector, organizations are advised to train IT personnel to recognize and respond to pre-written scripts, voice impersonation, and other tactics commonly used by cybercriminals.

Implementing strict identity verification measures, enhancing MFA policies, and monitoring user activity following help desk interactions are crucial steps in mitigating the risk of social engineering attacks.

By specifically recruiting female social engineers, SLH is evolving its tactics to bypass traditional security measures, highlighting the importance of remaining vigilant and proactive in defending against evolving cyber threats.